| |
| |||||||
Log-Analyse und Auswertung: Windows 7: Nach Browser Redirect Entfernung RunDLL FehlerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
02.01.2016, 15:09
| #1 |
| |  Windows 7: Nach Browser Redirect Entfernung RunDLL Fehler Hallo, mein Opa hat mir seinen Laptop gegeben (Win7, 64Bit), weil seine Browser auf Werbung umgelenkt haben, und das auch, wenn er sie nicht selber gestartet hat. Ich habe AdwCleaner, MaladwareBytes und HitmanPro Scans durchgeführt und dann alle Browser (Firefox, Chrome, iExplorer) zurückgesetzt. Ich habe auch einen Microsoft Security Essentials Scan durchgeführt, aber dafür finde ich die log files nicht und das "PC bereinigen" ist stecken geblieben. Das Problem war nicht behoben, also habe ich diese Anleitung (https://malwaretips.com/blogs/remove-browser-redirect-virus/) befolgt: 1. Kaspersky tdssKiller 2. RKill 3. Malwarebytes 4. HitmanPro 5. AdwCleaner 6. Junkware removal tool 7. Emsisoft emergency kit 8. zurücksetzen von Firefox, Chrome und Internet Explorer Seitdem ist das Umleiten auf Werbung verschwunden, aber nach jedem Hochfahren erhalte ich die folgenden Fehlermeldungen: RunDLL Problem beim Starten von C:\Users\goddi\AppData\Local\FoodBrowser\ {4EAFF718-4D08-7271-955A-411F96BFBEB9}\FoodBrowser.dll Das angegebene Modul wurde nicht gefunden RunDLL Problem beim Starten von C:\Users\goddi\AppData\Local\FoodBrowser\ {4EAFF718-4D08-7271-955A-411F96BFBEB9}\xryuk.dll Das angegebene Modul wurde nicht gefunden Und hier weiß ich mir gar nicht mehr zu helfen und wäre über jede Hilfe dankbar. Ich konnte leider nicht alle logFiles einfügen, daher sind die FRST und Addition im Anhang. Ich stell sie gerne auch noch mal so ein. Die TDSSKiller logfile war leider auch zu groß für den Anhang. Die RKill logfile hab ich leider überschrieben. maladwarebytes Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 30.12.2015 Suchlaufzeit: 22:13 Protokolldatei: malwarebytesLog.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2015.12.30.05 Rootkit-Datenbank: v2015.12.26.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: goddi Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 342519 Abgelaufene Zeit: 30 Min., 59 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 2 Trojan.Dropper.MSIL, C:\Program Files (x86)\MaxComputerCleaner_v17.475\MaxComputerCleaner_Maintenance.exe, 2284, Löschen bei Neustart, [78c54269cdbefe382d5e393201007d83] PUP.Optional.CSDI, C:\Program Files (x86)\rec_en_77\rec_en_77.exe, 4232, Löschen bei Neustart, [b984f1bab8d33afc1b2e15a9976dbc44] Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 34 PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}, In Quarantäne, [6bd218933e4d0d29c69f116351b1619f], PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}, In Quarantäne, [6bd218933e4d0d29c69f116351b1619f], PUP.Optional.TaskRNDM, HKCU\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}, In Quarantäne, [46f79516cebdd85eff07adbf2fd321df], PUP.Optional.CrossRider, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{6E86699E-2698-1A57-33C9-691DD28B77A4}, In Quarantäne, [9e9f69427e0d62d43ca0d5b503016f91], PUP.Optional.BoBrowser, HKCU\SOFTWARE\BoBrowser, In Quarantäne, [f24b19925f2c8ea8d6d923735fa4f808], PUP.Optional.MultiPlug, HKCU\SOFTWARE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, In Quarantäne, [a69787240a8190a61716558a5ca78080], PUP.Optional.MultiPlug, HKCU\SOFTWARE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, In Quarantäne, [a69787240a8190a61716558a5ca78080], PUP.Optional.Searching, HKCU\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\jlcgehabolcakkjhgmgpkagpolbjlhfa, In Quarantäne, [cd701b90a2e94ee83fe7803ed82a8d73], PUP.Optional.DeskCut, HKCU\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [53eaaefdadde3ef8ef09a4fe42c12bd5], PUP.Optional.OutBrowse, HKCU\SOFTWARE\OB, In Quarantäne, [330a1398afdcac8a9f7cdfdc758e38c8], PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Advanced System~Protector, Löschen bei Neustart, [e05df0bb652638fe8fb5543f9c677d83], PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Advanced System~Protector_startup, Löschen bei Neustart, [61dc2784c3c8f93d271de2dd09f901ff], PUP.Optional.Feven, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Feven 1.5-chromeinstaller, Löschen bei Neustart, [db62fdae6d1ee45262b2e3c45ba8dd23], PUP.Optional.Feven, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Feven 1.5-codedownloader, Löschen bei Neustart, [95a86f3cbad1da5cdf3544639b6837c9], PUP.Optional.Feven, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Feven 1.5-enabler, Löschen bei Neustart, [51ecd3d8fb9057df5cb83077ab583ac6], PUP.Optional.Feven, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Feven 1.5-firefoxinstaller, Löschen bei Neustart, [56e7218a9eedd56132e2edbacf349e62], PUP.Optional.Feven, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Feven 1.5-updater, Löschen bei Neustart, [fd40ceddeaa18aacac68a6019271b24e], PUP.Optional.PassWidget, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PassWidget Update, Löschen bei Neustart, [87b6c5e67a112511d0a3912a61a2946c], PUP.Optional.ShopperPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\UNELEVATE_16450, Löschen bei Neustart, [fc418229810a4fe7e02cf6e012f1827e], PUP.Optional.FFPluginHp, HKLM\SOFTWARE\WOW6432NODE\FFPluginHp, In Quarantäne, [9aa31596f497c4729d78188fd52e02fe], PUP.Optional.MySites123.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\mysites123Software, In Quarantäne, [57e67635701b023489c8f0cab84a8f71], PUP.Optional.SwiftSearch, HKLM\SOFTWARE\WOW6432NODE\SwiftSearch_1.10.0.25, In Quarantäne, [e756119abbd01f17e6d91eac0af923dd], PUP.Optional.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\SVH\rec_en_77, In Quarantäne, [d667b2f95b3094a260a803dbe51ecc34], PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, In Quarantäne, [74c91398890235015fc338a4699a7f81], PUP.Optional.Vitruvian, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\SwiftSearchAutoUpdateClient_RASAPI32, In Quarantäne, [033ac1eae2a94de91628ffdd1ae96898], PUP.Optional.Vitruvian, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\SwiftSearchAutoUpdateClient_RASMANCS, In Quarantäne, [c27b674433588caa84baac306f9421df], PUP.Optional.MySites123.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\mysites123 uninstall, In Quarantäne, [a796c1ea99f2043255fb4674986a629e], PUP.Optional.Recover, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\rec_en_77_is1, In Quarantäne, [79c48e1d47441620163d3f8145befe02], PUP.Optional.MySearch123, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}, In Quarantäne, [9e9f13982e5d1521a56e51bbe61e21df], PUP.Optional.MyTubeTheater, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C42C5197-0EE9-4940-893B-F4EF047DFF0F}, In Quarantäne, [85b8d6d56f1c0d29b1ce8f4cb54e53ad], PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}, In Quarantäne, [82bbebc0cfbc6ccad730011142c29868], PUP.Optional.PCSpeedUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, In Quarantäne, [023bc0ebfa91999d769c1ba1a55ec937], PUP.Optional.Vitruvian, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SWSEDRVR_VT_1_10_0_25, In Quarantäne, [2b129417b5d6ae8837169725649e31cf], PUP.Optional.WindowsMangerProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [d667c5e6e3a877bfd5bd478b17ec1de3], Registrierungswerte: 14 Trojan.Dropper.MSIL, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|MaxComputerCleaner_v17.475, C:\Program Files (x86)\MaxComputerCleaner_v17.475\MaxComputerCleaner_Maintenance.exe ro, In Quarantäne, [78c54269cdbefe382d5e393201007d83] PUP.Optional.CSDI, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|rec_en_77, "C:\Program Files (x86)\rec_en_77\rec_en_77.exe", In Quarantäne, [b984f1bab8d33afc1b2e15a9976dbc44] PUP.Optional.BrowserWeb, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|BrowserWeb.exe, 11001, In Quarantäne, [6fce1d8ee2a9181e52864ec7a163c33d] PUP.Optional.WebBar, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|wb.exe, 11000, In Quarantäne, [91aca6053e4da0967c759b7ae222629e] PUP.Optional.DeskCut, HKCU\SOFTWARE\MOZILLA\EXTENDS|appid, deskCutv2@gmail.com, In Quarantäne, [53eaaefdadde3ef8ef09a4fe42c12bd5] PUP.Optional.OutBrowse, HKCU\SOFTWARE\OB|monitype19, 5/17/15 16:33:3, In Quarantäne, [330a1398afdcac8a9f7cdfdc758e38c8] PUP.Optional.OutBrowse, HKCU\SOFTWARE\OB|monitype20, 5/17/15 16:33:3, In Quarantäne, [4df00ba0fe8d7cba9685358641c2827e] PUP.Optional.OutBrowse, HKCU\SOFTWARE\OB|monitype22, 5/17/15 16:33:3, In Quarantäne, [023b5f4ccdbe54e2fa21c5f6ce35c937] PUP.Optional.OutBrowse, HKCU\SOFTWARE\OB|monitype37, 5/17/15 16:33:3, In Quarantäne, [e85525861e6d85b15ebdb7044db6728e] PUP.Optional.OutBrowse, HKCU\SOFTWARE\OB|monitype6, 5/17/15 16:33:23, In Quarantäne, [59e45d4ee7a4c0763dde55661ee57c84] PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}|DisplayName, globalupdate Helper, In Quarantäne, [82bbebc0cfbc6ccad730011142c29868] PUP.Optional.DeskCut, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|deskCutv2@gmail.com, C:\Users\goddi\AppData\Roaming\Mozilla\Firefox\Profiles\vtosuasb.default\extensions\deskCutv2@gmail.com, In Quarantäne, [7ac3d2d9dfac7fb7b148f3af7b888779] PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|yahooprotected@gmail.com, C:\Users\goddi\AppData\Roaming\Mozilla\Firefox\Profiles\vtosuasb.default\extensions\yahooprotected@gmail.com, In Quarantäne, [96a75556018abb7bdd0c6258847ef40c] PUP.Optional.Vitruvian, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\swsedrvr_vt_1_10_0_25|ImagePath, system32\drivers\swsedrvr_vt_1_10_0_25.sys, In Quarantäne, [2b129417b5d6ae8837169725649e31cf] Registrierungsdaten: 4 PUP.Optional.MySites123.ShrtCln, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.mysites123.com/?type=sc&ts=1352465820&z=0d9e998673f291338ac97dfgfz2z3t9tbtfbdbecae&from=tt4u&uid=SAMSUNGXHN-M500MBB_S2R7J9CBB04492, Gut: (firefox.exe), Schlecht: (C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.mysites123.com/?type=sc&ts=1352465820&z=0d9e998673f291338ac97dfgfz2z3t9tbtfbdbecae&from=tt4u&uid=SAMSUNGXHN-M500MBB_S2R7J9CBB04492),Ersetzt,[3a03dad1b0db979f1bab79175aaa8c74] PUP.Optional.MySites123.ShrtCln, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.mysites123.com/?type=sc&ts=1352465820&z=0d9e998673f291338ac97dfgfz2z3t9tbtfbdbecae&from=tt4u&uid=SAMSUNGXHN-M500MBB_S2R7J9CBB04492, Gut: (iexplore.exe), Schlecht: (C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.mysites123.com/?type=sc&ts=1352465820&z=0d9e998673f291338ac97dfgfz2z3t9tbtfbdbecae&from=tt4u&uid=SAMSUNGXHN-M500MBB_S2R7J9CBB04492),Ersetzt,[51ecf7b4800b102601c7cfc121e33ec2] PUP.Optional.MySites123.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.mysites123.com/?type=sc&ts=1352465820&z=0d9e998673f291338ac97dfgfz2z3t9tbtfbdbecae&from=tt4u&uid=SAMSUNGXHN-M500MBB_S2R7J9CBB04492, Gut: (firefox.exe), Schlecht: (C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.mysites123.com/?type=sc&ts=1352465820&z=0d9e998673f291338ac97dfgfz2z3t9tbtfbdbecae&from=tt4u&uid=SAMSUNGXHN-M500MBB_S2R7J9CBB04492),Ersetzt,[9e9fb5f6701be3530eb8711f8b7907f9] PUP.Optional.MySites123.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.mysites123.com/?type=sc&ts=1352465820&z=0d9e998673f291338ac97dfgfz2z3t9tbtfbdbecae&from=tt4u&uid=SAMSUNGXHN-M500MBB_S2R7J9CBB04492, Gut: (iexplore.exe), Schlecht: (C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.mysites123.com/?type=sc&ts=1352465820&z=0d9e998673f291338ac97dfgfz2z3t9tbtfbdbecae&from=tt4u&uid=SAMSUNGXHN-M500MBB_S2R7J9CBB04492),Ersetzt,[43fa8427771430063c8cccc438cc43bd] Ordner: 17 PUP.Optional.MultiPlug.Gen, C:\ProgramData\12311454251960066588, In Quarantäne, [4feec3e84e3d4cea865b3558cf342bd5], PUP.Optional.CrossAd.Gen, C:\Users\goddi\AppData\Roaming\Mozilla\Firefox\Profiles\f4kw95q1.default-1451507751031\jetpack\@AFF4CA8FC9EB533B0AA247D1339E0D67AFF4, In Quarantäne, [003db0fb5536a78f9749afda6c96dd23], PUP.Optional.CrossAd.Gen, C:\Users\goddi\AppData\Roaming\Mozilla\Firefox\Profiles\f4kw95q1.default-1451507751031\jetpack\@AFF4CA8FC9EB533B0AA247D1339E0D67AFF4\simple-storage, In Quarantäne, [003db0fb5536a78f9749afda6c96dd23], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector, In Quarantäne, [7bc2307bc7c40e287e3d1377a0628878], PUP.Optional.Recover, C:\Users\goddi\AppData\Local\rec_en_77, In Quarantäne, [f4498625a8e33501db561d8bb2502cd4], PUP.Optional.Recover, C:\Users\goddi\AppData\Local\rec_en_77\rec_en_77, In Quarantäne, [f4498625a8e33501db561d8bb2502cd4], PUP.Optional.Recover, C:\Users\goddi\AppData\Local\rec_en_77\rec_en_77\1.20, In Quarantäne, [f4498625a8e33501db561d8bb2502cd4], PUP.Optional.Recover, C:\Program Files (x86)\rec_en_77, Löschen bei Neustart, [023b4d5e14778babd161dace7f83db25], PUP.Optional.WindowsProtectManager, C:\ProgramData\Tmp0x0x, In Quarantäne, [e15c8c1f315a50e68715d6e2a161a060], PUP.Optional.WindowsProtectManager, C:\ProgramData\Tmp0x0x\log, In Quarantäne, [e15c8c1f315a50e68715d6e2a161a060], PUP.Optional.WindowsProtectManager, C:\ProgramData\Tmp0x0x\update, In Quarantäne, [e15c8c1f315a50e68715d6e2a161a060], PUP.Optional.CrossAd.Gen, C:\Users\goddi\AppData\Local\Food Browser\Component, Löschen bei Neustart, [59e42487bccfde5883c4457c27ddfc04], PUP.Optional.CrossAd.Gen, C:\Users\goddi\AppData\Local\Food Browser, Löschen bei Neustart, [59e42487bccfde5883c4457c27ddfc04], PUP.Optional.CrossAd.Gen, C:\Users\goddi\AppData\Local\Food Browser\Component2, In Quarantäne, [59e42487bccfde5883c4457c27ddfc04], PUP.Optional.CrossAd.Gen, C:\Users\goddi\AppData\Local\Food Browser\{4EAFF718-4D08-7271-955A-411F96BFBEB9}, Löschen bei Neustart, [59e42487bccfde5883c4457c27ddfc04], PUP.Optional.EduApp, C:\Users\goddi\AppData\Roaming\Opera Software\Opera Stable\Extensions\lfpolimnaapdjlikeedlkhiedamllgbp\1.0.1_0, In Quarantäne, [aa93e9c24e3d71c595a3a41e81839769], PUP.Optional.EduApp, C:\Users\goddi\AppData\Roaming\Opera Software\Opera Stable\Extensions\lfpolimnaapdjlikeedlkhiedamllgbp, In Quarantäne, [aa93e9c24e3d71c595a3a41e81839769], Dateien: 92 Trojan.Dropper.MSIL, C:\Program Files (x86)\MaxComputerCleaner_v17.475\MaxComputerCleaner_Maintenance.exe, Löschen bei Neustart, [78c54269cdbefe382d5e393201007d83], PUP.Optional.CSDI, C:\Program Files (x86)\rec_en_77\rec_en_77.exe, Löschen bei Neustart, [b984f1bab8d33afc1b2e15a9976dbc44], PUP.Optional.CrossRider, C:\Program Files (x86)\5348dc2e-0a61-4a60-a8ba-7acb13082b49\5348dc2e-0a61-4a60-a8ba-7acb13082b49.dll, In Quarantäne, [d4696b407714e84e20102804e120857b], PUP.Optional.CrossRider, C:\Program Files (x86)\5348dc2e-0a61-4a60-a8ba-7acb13082b49\cf48b2b3-8ccb-4b67-bba4-6e9670eff2f3.dll, In Quarantäne, [08357338f19a44f22808e6469e638977], PUP.Optional.ChinAd, C:\Users\goddi\AppData\Local\Temp\InstallHelper.exe, In Quarantäne, [df5e139805864aec89a4525350b15ba5], Adware.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-4J8DA.tmp\600.exe, In Quarantäne, [9da08526b7d49a9c873334917a87916f], Adware.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-4J8DA.tmp\623.exe, In Quarantäne, [53eac2e95338ad898436bd0818e9fb05], Adware.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-4J8DA.tmp\package_AnySend_installer_multilang.exe, In Quarantäne, [76c76c3faae181b5c5f58e372ed37c84], Adware.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-4J8DA.tmp\package_SByoutube_installer_multilang.exe, In Quarantäne, [053802a97c0f6accf9c174510cf51de3], Adware.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-4J8DA.tmp\package_vuupc_installer_multilang.exe, In Quarantäne, [62dba902a1ead1651b9eb3127a8724dc], PUP.Optional.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-FLUI5.tmp\380.exe, In Quarantäne, [320bdecd94f779bd1ed61e11e41db848], PUP.Optional.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-FLUI5.tmp\420.exe, In Quarantäne, [e55848634843c76fc52f8fa07e837888], Adware.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-FLUI5.tmp\465.exe, In Quarantäne, [76c7a40718734de9df0b1faa0ef39e62], Adware.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-FLUI5.tmp\473.exe, In Quarantäne, [86b7d3d869224de97bfdb7117a87e719], PUP.Optional.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-FLUI5.tmp\493.exe, In Quarantäne, [fc4113985d2e0b2bbf35959aac55c63a], PUP.Optional.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-FLUI5.tmp\600.exe, In Quarantäne, [9da0218a6526ad896c88e14e48b905fb], PUP.Optional.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-FLUI5.tmp\607.exe, In Quarantäne, [ad90c6e52c5f90a603f1a689f20f2dd3], PUP.Optional.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-FLUI5.tmp\643.exe, In Quarantäne, [3805703bed9efb3b2dc7ae810bf67c84], PUP.Optional.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-FLUI5.tmp\package_bobrowser_installer_multilang.exe, In Quarantäne, [43fa37747e0d0a2c6c881d124bb6d030], PUP.Optional.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-FLUI5.tmp\package_oursurfing_installer_multilang.exe, In Quarantäne, [221b77340a819b9b896bc76850b114ec], PUP.Optional.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-FLUI5.tmp\package_SByoutube_installer_multilang.exe, In Quarantäne, [f845adfe7a11f83e3bb9022d8d748e72], PUP.Optional.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-FLUI5.tmp\package_wajam_installer_multilang.exe, In Quarantäne, [b4892f7c464515214fa5d65914ed5ea2], PUP.Optional.Clara, C:\Users\goddi\AppData\Local\Temp\is-I7ATK.tmp\437.exe, In Quarantäne, [c57845660b80c670719fa7882cd5a759], Adware.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-NOR0O.tmp\663.exe, In Quarantäne, [9da07734b8d3c175318918adf20f24dc], Adware.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-NOR0O.tmp\465.exe, In Quarantäne, [60dd6744fa9160d628c229a0b9486e92], PUP.Optional.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-NOR0O.tmp\package_bobrowser_installer_multilang.exe, In Quarantäne, [6ecfc5e61378b87e9f9c371fcc35ff01], PUP.Optional.Tuto4PC, C:\Users\goddi\AppData\Local\Temp\is-OSCED.tmp\Z2VudGxlbWptcF9pZXU=.exe, In Quarantäne, [91ac4269cdbe5dd9cd871390db26768a], PUP.Optional.Tuto4PC, C:\Users\goddi\AppData\Local\Temp\is-POSE9.tmp\Z2VudGxlbWptcF9pZXU=.exe, In Quarantäne, [c87525868506cc6a2e26a300b34e26da], PUP.Optional.BundleInstaller, C:\Users\goddi\AppData\Local\Temp\is-QUIK3.tmp\493.exe, In Quarantäne, [b38a25866427c76f49ee467bbe43ff01], PUP.Optional.BundleInstaller, C:\Users\goddi\AppData\Local\Temp\is-QUIK3.tmp\package_oursurfing_installer_multilang.exe, In Quarantäne, [c7767f2c7c0f40f638ff3e83cd3428d8], PUP.Optional.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-U2T69.tmp\package_bobrowser_installer_multilang.exe, In Quarantäne, [53eab5f64b4068ceb44038f7847de41c], PUP.Optional.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-U2T69.tmp\420.exe, In Quarantäne, [ac91f4b7ff8c0d2939bbc966966bdf21], Adware.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-U2T69.tmp\465.exe, In Quarantäne, [122b7e2d90fbce6828c25a6f24dd7f81], Adware.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-U2T69.tmp\473.exe, In Quarantäne, [0e2f3675810aa88ee7915d6b6f92d828], PUP.Optional.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-U2T69.tmp\493.exe, In Quarantäne, [ae8f0ba08ffc76c0eb09f837976aae52], PUP.Optional.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-U2T69.tmp\600.exe, In Quarantäne, [132a6843cfbcbf77e60e65cadb2602fe], PUP.Optional.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-U2T69.tmp\607.exe, In Quarantäne, [e85567441774dd59f20233fcab56be42], PUP.Optional.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-U2T69.tmp\643.exe, In Quarantäne, [9da08526a1ea7eb8fcf8af8028d97888], PUP.Optional.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-U2T69.tmp\package_oursurfing_installer_multilang.exe, In Quarantäne, [ec51c6e5abe083b312e26ac5e61b7a86], PUP.Optional.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-U2T69.tmp\package_SByoutube_installer_multilang.exe, In Quarantäne, [98a5466584076ccaa252d35c39c86e92], PUP.Optional.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-U2T69.tmp\package_wajam_installer_multilang.exe, In Quarantäne, [c677911aff8c280e04f0f13e22dff10f], Adware.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-USP93.tmp\465.exe, In Quarantäne, [5edf3675b8d388ae7a7016b3a160cc34], Adware.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-USP93.tmp\473.exe, In Quarantäne, [55e8d0db6e1dd660b6c27d4b69980af6], Adware.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-USP93.tmp\600.exe, In Quarantäne, [57e626850586ea4c9624d2f3da27f010], Adware.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-USP93.tmp\623.exe, In Quarantäne, [55e8edbe25660d290bafc500976a31cf], Adware.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-USP93.tmp\663.exe, In Quarantäne, [2518a605dab13ef82b8ff2d37a879868], Adware.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-USP93.tmp\697.exe, In Quarantäne, [fe3f3d6e4c3fed4923975a6b9f62ea16], PUP.Optional.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-USP93.tmp\package_bobrowser_installer_multilang.exe, In Quarantäne, [97a6dbd02368013577c4e07613eea858], Adware.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-USP93.tmp\package_SByoutube_installer_multilang.exe, In Quarantäne, [122befbca7e4f4428238c6ff10f1ca36], Adware.EoRezo, C:\Users\goddi\AppData\Local\Temp\is-USP93.tmp\package_vuupc_installer_multilang.exe, In Quarantäne, [b6876f3cd6b57bbba316c8fd629f0af6], PUP.Optional.CrossRider, C:\Users\goddi\AppData\Local\Food Browser\{4EAFF718-4D08-7271-955A-411F96BFBEB9}\FoodBrowser.dll, Löschen bei Neustart, [8faef6b5b6d561d5d80446445ea6748c], PUP.Optional.CrossRider, C:\Users\goddi\AppData\Local\Food Browser\{4EAFF718-4D08-7271-955A-411F96BFBEB9}\xryuk.dll, Löschen bei Neustart, [7ebf614ad3b838fe27dcbecee61e758b], PUP.Optional.CrossRider, C:\Users\goddi\AppData\Local\Food Browser\{4EAFF718-4D08-7271-955A-411F96BFBEB9}\{1735A999-7D43-AAAF-8245-B581F29B89C8}.dll, In Quarantäne, [9e9f69427e0d62d43ca0d5b503016f91], PUP.Optional.MultiPlug.Gen, C:\ProgramData\12311454251960066588\1127ee4bc5542a8a51831e573fcbdeda.ini, In Quarantäne, [4feec3e84e3d4cea865b3558cf342bd5], PUP.Optional.MultiPlug.Gen, C:\ProgramData\12311454251960066588\3faef590036f7af851831e573fcbdeda.ini, In Quarantäne, [4feec3e84e3d4cea865b3558cf342bd5], PUP.Optional.MultiPlug.Gen, C:\ProgramData\12311454251960066588\9abca57d33d1b89f51831e573fcbdeda.ini, In Quarantäne, [4feec3e84e3d4cea865b3558cf342bd5], PUP.Optional.CrossAd.Gen, C:\Users\goddi\AppData\Roaming\Mozilla\Firefox\Profiles\f4kw95q1.default-1451507751031\extensions\@AFF4CA8FC9EB533B0AA247D1339E0D67AFF4.xpi, In Quarantäne, [e6571596553668ce93307819798a2dd3], PUP.Optional.AdvancedSystemProtector, C:\Windows\System32\Tasks\Advanced System~Protector, In Quarantäne, [2c11b9f24d3e3afcc47c0b88a3602ad6], PUP.Optional.Vitruvian, C:\Users\goddi\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001, In Quarantäne, [ef4e9d0ef59683b3c423319e689b48b8], PUP.Optional.Vitruvian, C:\Users\goddi\AppData\Local\Temp\vitruvian-installer-install-v0003, In Quarantäne, [9aa358536a2146f00fd8fcd34eb58080], PUP.Optional.Vitruvian, C:\Users\goddi\AppData\Local\Temp\vitruvian-installer-processes-v0002, In Quarantäne, [201daefdc3c8df57fee99c3301025ea2], PUP.Optional.Vitruvian, C:\Users\goddi\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001, In Quarantäne, [4bf2e8c36625fe38aa3d844b1ce744bc], PUP.Optional.Vitruvian, C:\Users\goddi\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002, In Quarantäne, [2b12e1ca8902ee4819ce26a952b18779], PUP.Optional.Vitruvian, C:\Users\goddi\AppData\Local\Temp\vitruvian-installer-uninstall-v0002, In Quarantäne, [f14c00ab800bc670d116ce01f11249b7], PUP.Optional.ShopperPro, C:\Windows\System32\Tasks\UNELEVATE_16450, In Quarantäne, [41fcd4d71b70e551b456b224af54ca36], PUP.Optional.ReMarkit.PrxySvrRST, C:\Users\goddi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage, In Quarantäne, [4fee614a068543f32c8a439a897a7090], PUP.Optional.ReMarkit.PrxySvrRST, C:\Users\goddi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage-journal, In Quarantäne, [e756416a3e4d74c28e28439a50b306fa], PUP.Optional.AdvancedSystemProtector, C:\Windows\System32\Tasks\Advanced System~Protector_startup, In Quarantäne, [04390e9d513a3ff716d520f134d034cc], PUP.Optional.FireFoxHijack, C:\Program Files (x86)\Mozilla Firefox\defaults\pref\!AFF4CA8FC9EB533B0AA247D1339E0D67AFF4.js, In Quarantäne, [ab92585315768fa7b6d2cd4b18ecbb45], PUP.Optional.CrossAd.Gen, C:\Users\goddi\AppData\Roaming\Mozilla\Firefox\Profiles\f4kw95q1.default-1451507751031\jetpack\@AFF4CA8FC9EB533B0AA247D1339E0D67AFF4\simple-storage\store.json, In Quarantäne, [003db0fb5536a78f9749afda6c96dd23], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector\Advanced System~Protector entfernen.lnk, In Quarantäne, [7bc2307bc7c40e287e3d1377a0628878], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector\Advanced System~Protector.lnk, In Quarantäne, [7bc2307bc7c40e287e3d1377a0628878], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector\Register Advanced System~Protector.lnk, In Quarantäne, [7bc2307bc7c40e287e3d1377a0628878], PUP.Optional.Recover, C:\Users\goddi\AppData\Local\rec_en_77\rec_en_77\1.20\cnf.cyl, In Quarantäne, [f4498625a8e33501db561d8bb2502cd4], PUP.Optional.Recover, C:\Users\goddi\AppData\Local\rec_en_77\rec_en_77\1.20\eorezo.cyl, In Quarantäne, [f4498625a8e33501db561d8bb2502cd4], PUP.Optional.Recover, C:\Program Files (x86)\rec_en_77\unins000.dat, In Quarantäne, [023b4d5e14778babd161dace7f83db25], PUP.Optional.Recover, C:\Program Files (x86)\rec_en_77\unins000.exe, In Quarantäne, [023b4d5e14778babd161dace7f83db25], PUP.Optional.WindowsProtectManager, C:\ProgramData\Tmp0x0x\log\ProtectWindowsManager_2015-12-13[10-28-26-943].log, In Quarantäne, [e15c8c1f315a50e68715d6e2a161a060], PUP.Optional.CrossAd.Gen, C:\Users\goddi\AppData\Local\Food Browser\Component\config.json, In Quarantäne, [59e42487bccfde5883c4457c27ddfc04], PUP.Optional.CrossAd.Gen, C:\Users\goddi\AppData\Local\Food Browser\Component\hello.js, In Quarantäne, [59e42487bccfde5883c4457c27ddfc04], PUP.Optional.CrossAd.Gen, C:\Users\goddi\AppData\Local\Food Browser\Component\log.html, Löschen bei Neustart, [59e42487bccfde5883c4457c27ddfc04], PUP.Optional.CrossAd.Gen, C:\Users\goddi\AppData\Local\Food Browser\Component\manifest.json, In Quarantäne, [59e42487bccfde5883c4457c27ddfc04], PUP.Optional.CrossAd.Gen, C:\Users\goddi\AppData\Local\Food Browser\Component\scriptTagContext.js, In Quarantäne, [59e42487bccfde5883c4457c27ddfc04], PUP.Optional.CrossAd.Gen, C:\Users\goddi\AppData\Local\Food Browser\Component\tmp_bg.js, In Quarantäne, [59e42487bccfde5883c4457c27ddfc04], PUP.Optional.CrossAd.Gen, C:\Users\goddi\AppData\Local\Food Browser\Component\uconfig.json, In Quarantäne, [59e42487bccfde5883c4457c27ddfc04], PUP.Optional.CrossAd.Gen, C:\Users\goddi\AppData\Local\Food Browser\Component2\plugin, In Quarantäne, [59e42487bccfde5883c4457c27ddfc04], PUP.Optional.CrossAd.Gen, C:\Users\goddi\AppData\Local\Food Browser\{4EAFF718-4D08-7271-955A-411F96BFBEB9}\c.dat, In Quarantäne, [59e42487bccfde5883c4457c27ddfc04], PUP.Optional.CrossAd.Gen, C:\Users\goddi\AppData\Local\Food Browser\{4EAFF718-4D08-7271-955A-411F96BFBEB9}\{6BA7654F-3369-6E84-1204-3DE746C0E576}.dat, Löschen bei Neustart, [59e42487bccfde5883c4457c27ddfc04], PUP.Optional.EduApp, C:\Users\goddi\AppData\Roaming\Opera Software\Opera Stable\Extensions\lfpolimnaapdjlikeedlkhiedamllgbp\1.0.1_0\manifest.json, In Quarantäne, [aa93e9c24e3d71c595a3a41e81839769], PUP.Optional.EduApp, C:\Users\goddi\AppData\Roaming\Opera Software\Opera Stable\Extensions\lfpolimnaapdjlikeedlkhiedamllgbp\1.0.1_0\background.js, In Quarantäne, [aa93e9c24e3d71c595a3a41e81839769], PUP.Optional.EduApp, C:\Users\goddi\AppData\Roaming\Opera Software\Opera Stable\Extensions\lfpolimnaapdjlikeedlkhiedamllgbp\1.0.1_0\content.js, In Quarantäne, [aa93e9c24e3d71c595a3a41e81839769], PUP.Optional.EduApp, C:\Users\goddi\AppData\Roaming\Opera Software\Opera Stable\Extensions\lfpolimnaapdjlikeedlkhiedamllgbp\1.0.1_0\icon.png, In Quarantäne, [aa93e9c24e3d71c595a3a41e81839769], Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v3.017 - Bericht erstellt am 30/12/2015 um 22:58:03
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : goddi - PAUL
# Gestartet von : C:\Users\goddi\Desktop\AdwCleaner.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Wert Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.18124
-\\ Mozilla Firefox v38.0.1 (x86 de)
[ Datei : C:\Users\goddi\AppData\Roaming\Mozilla\Firefox\Profiles\f4kw95q1.default-1451507751031\prefs.js ]
-\\ Google Chrome v47.0.2526.106
[ Datei : C:\Users\goddi\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [15139 octets] - [23/01/2014 16:50:00]
AdwCleaner[R1].txt - [1115 octets] - [23/01/2014 17:10:49]
AdwCleaner[R2].txt - [49163 octets] - [26/05/2015 11:14:47]
AdwCleaner[R3].txt - [2775 octets] - [01/06/2015 10:02:00]
AdwCleaner[R4].txt - [1928 octets] - [01/06/2015 10:27:32]
AdwCleaner[R5].txt - [1772 octets] - [01/06/2015 10:41:45]
AdwCleaner[R6].txt - [1656 octets] - [01/06/2015 10:48:32]
AdwCleaner[R7].txt - [21968 octets] - [01/06/2015 10:53:37]
AdwCleaner[R8].txt - [2189 octets] - [30/12/2015 22:58:03]
AdwCleaner[S0].txt - [12500 octets] - [23/01/2014 16:51:05]
AdwCleaner[S1].txt - [1179 octets] - [23/01/2014 17:11:20]
AdwCleaner[S2].txt - [41032 octets] - [26/05/2015 11:17:07]
AdwCleaner[S3].txt - [2683 octets] - [01/06/2015 10:03:05]
AdwCleaner[S4].txt - [1991 octets] - [01/06/2015 10:29:04]
AdwCleaner[S5].txt - [1833 octets] - [01/06/2015 10:42:57]
AdwCleaner[S6].txt - [1717 octets] - [01/06/2015 10:49:30]
AdwCleaner[S7].txt - [19158 octets] - [01/06/2015 10:56:13]
########## EOF - C:\AdwCleaner\AdwCleaner[R8].txt - [2732 octets] ##########
Code:
ATTFilter # AdwCleaner v3.017 - Bericht erstellt am 30/12/2015 um 23:04:53
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : goddi - PAUL
# Gestartet von : C:\Users\goddi\Desktop\AdwCleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C424171E-592A-415A-9EB1-DFD6D95D3530}
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.18124
-\\ Mozilla Firefox v38.0.1 (x86 de)
[ Datei : C:\Users\goddi\AppData\Roaming\Mozilla\Firefox\Profiles\f4kw95q1.default-1451507751031\prefs.js ]
-\\ Google Chrome v47.0.2526.106
[ Datei : C:\Users\goddi\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [15139 octets] - [23/01/2014 16:50:00]
AdwCleaner[R1].txt - [1115 octets] - [23/01/2014 17:10:49]
AdwCleaner[R2].txt - [49163 octets] - [26/05/2015 11:14:47]
AdwCleaner[R3].txt - [2775 octets] - [01/06/2015 10:02:00]
AdwCleaner[R4].txt - [1928 octets] - [01/06/2015 10:27:32]
AdwCleaner[R5].txt - [1772 octets] - [01/06/2015 10:41:45]
AdwCleaner[R6].txt - [1656 octets] - [01/06/2015 10:48:32]
AdwCleaner[R7].txt - [21968 octets] - [01/06/2015 10:53:37]
AdwCleaner[R8].txt - [2824 octets] - [30/12/2015 22:58:03]
AdwCleaner[S0].txt - [12500 octets] - [23/01/2014 16:51:05]
AdwCleaner[S1].txt - [1179 octets] - [23/01/2014 17:11:20]
AdwCleaner[S2].txt - [41032 octets] - [26/05/2015 11:17:07]
AdwCleaner[S3].txt - [2683 octets] - [01/06/2015 10:03:05]
AdwCleaner[S4].txt - [1991 octets] - [01/06/2015 10:29:04]
AdwCleaner[S5].txt - [1833 octets] - [01/06/2015 10:42:57]
AdwCleaner[S6].txt - [1717 octets] - [01/06/2015 10:49:30]
AdwCleaner[S7].txt - [19158 octets] - [01/06/2015 10:56:13]
AdwCleaner[S8].txt - [2733 octets] - [30/12/2015 23:04:53]
########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [2793 octets] ##########
Code:
ATTFilter
3. Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 31.12.2015 Suchlaufzeit: 15:56 Protokolldatei: malwarebytesLog2.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2015.12.31.04 Rootkit-Datenbank: v2015.12.26.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: goddi Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 345895 Abgelaufene Zeit: 19 Min., 41 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter HitmanPro 3.7.12.253
www.hitmanpro.com
Computer name . . . . : PAUL
Windows . . . . . . . : 6.1.1.7601.X64/2
Safe Mode Boot . . . : NETWORK
User name . . . . . . : paul\goddi
UAC . . . . . . . . . : Disabled
License . . . . . . . : Trial (30 days left)
Scan date . . . . . . : 2015-12-31 16:16:51
Scan mode . . . . . . : Normal
Scan duration . . . . : 4m 47s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 0
Objects scanned . . . : 1.388.242
Files scanned . . . . : 25.300
Remnants scanned . . : 264.180 files / 1.098.762 keys
Code:
ATTFilter # AdwCleaner v3.017 - Bericht erstellt am 31/12/2015 um 16:31:37
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : goddi - PAUL
# Gestartet von : C:\Users\goddi\Desktop\AdwCleaner.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.18124
-\\ Mozilla Firefox v38.0.1 (x86 de)
[ Datei : C:\Users\goddi\AppData\Roaming\Mozilla\Firefox\Profiles\f4kw95q1.default-1451507751031\prefs.js ]
-\\ Google Chrome v47.0.2526.106
[ Datei : C:\Users\goddi\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [15139 octets] - [23/01/2014 16:50:00]
AdwCleaner[R1].txt - [1115 octets] - [23/01/2014 17:10:49]
AdwCleaner[R2].txt - [49163 octets] - [26/05/2015 11:14:47]
AdwCleaner[R3].txt - [2775 octets] - [01/06/2015 10:02:00]
AdwCleaner[R4].txt - [1928 octets] - [01/06/2015 10:27:32]
AdwCleaner[R5].txt - [1772 octets] - [01/06/2015 10:41:45]
AdwCleaner[R6].txt - [1656 octets] - [01/06/2015 10:48:32]
AdwCleaner[R7].txt - [21968 octets] - [01/06/2015 10:53:37]
AdwCleaner[R8].txt - [2824 octets] - [30/12/2015 22:58:03]
AdwCleaner[R9].txt - [1350 octets] - [31/12/2015 16:31:37]
AdwCleaner[S0].txt - [12500 octets] - [23/01/2014 16:51:05]
AdwCleaner[S1].txt - [1179 octets] - [23/01/2014 17:11:20]
AdwCleaner[S2].txt - [41032 octets] - [26/05/2015 11:17:07]
AdwCleaner[S3].txt - [2683 octets] - [01/06/2015 10:03:05]
AdwCleaner[S4].txt - [1991 octets] - [01/06/2015 10:29:04]
AdwCleaner[S5].txt - [1833 octets] - [01/06/2015 10:42:57]
AdwCleaner[S6].txt - [1717 octets] - [01/06/2015 10:49:30]
AdwCleaner[S7].txt - [19158 octets] - [01/06/2015 10:56:13]
AdwCleaner[S8].txt - [2885 octets] - [30/12/2015 23:04:53]
########## EOF - C:\AdwCleaner\AdwCleaner[R9].txt - [1953 octets] ##########
Code:
ATTFilter # AdwCleaner v3.017 - Bericht erstellt am 31/12/2015 um 16:34:21
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : goddi - PAUL
# Gestartet von : C:\Users\goddi\Desktop\AdwCleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.18124
-\\ Mozilla Firefox v38.0.1 (x86 de)
[ Datei : C:\Users\goddi\AppData\Roaming\Mozilla\Firefox\Profiles\f4kw95q1.default-1451507751031\prefs.js ]
-\\ Google Chrome v47.0.2526.106
[ Datei : C:\Users\goddi\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [15139 octets] - [23/01/2014 16:50:00]
AdwCleaner[R1].txt - [1115 octets] - [23/01/2014 17:10:49]
AdwCleaner[R2].txt - [49163 octets] - [26/05/2015 11:14:47]
AdwCleaner[R3].txt - [2775 octets] - [01/06/2015 10:02:00]
AdwCleaner[R4].txt - [1928 octets] - [01/06/2015 10:27:32]
AdwCleaner[R5].txt - [1772 octets] - [01/06/2015 10:41:45]
AdwCleaner[R6].txt - [1656 octets] - [01/06/2015 10:48:32]
AdwCleaner[R7].txt - [21968 octets] - [01/06/2015 10:53:37]
AdwCleaner[R8].txt - [2824 octets] - [30/12/2015 22:58:03]
AdwCleaner[R9].txt - [2033 octets] - [31/12/2015 16:31:37]
AdwCleaner[S0].txt - [12500 octets] - [23/01/2014 16:51:05]
AdwCleaner[S1].txt - [1179 octets] - [23/01/2014 17:11:20]
AdwCleaner[S2].txt - [41032 octets] - [26/05/2015 11:17:07]
AdwCleaner[S3].txt - [2683 octets] - [01/06/2015 10:03:05]
AdwCleaner[S4].txt - [1991 octets] - [01/06/2015 10:29:04]
AdwCleaner[S5].txt - [1833 octets] - [01/06/2015 10:42:57]
AdwCleaner[S6].txt - [1717 octets] - [01/06/2015 10:49:30]
AdwCleaner[S7].txt - [19158 octets] - [01/06/2015 10:56:13]
AdwCleaner[S8].txt - [2885 octets] - [30/12/2015 23:04:53]
AdwCleaner[S9].txt - [1954 octets] - [31/12/2015 16:34:21]
########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt - [2014 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Home Premium x64
Ran by goddi (Administrator) on 31.12.2015 at 16:41:00,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 55
Successfully deleted: C:\Program Files (x86)\MaxComputerCleaner_v17.475 (Folder)
Successfully deleted: C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf (Folder)
Successfully deleted: C:\ProgramData\b15477ed64c6439c8e2e6616d0e298ed (Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{10492DE0-426B-458A-813F-59E4BE2BDDE0} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{105D985A-0A1A-47B2-B9A4-7C5EDB834510} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{159F77A0-A3C3-4D52-9419-EE3F099A5563} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{1D2CA401-B598-490A-BC5E-3A2E6F9793A9} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{2BE84D8A-4081-4989-94FF-D0A5D889A9F6} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{2EA19964-A6D1-4D8A-B0D9-C05AC94E8A83} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{32948FED-5750-4874-A8C2-B167815D44D5} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{3BA51D2E-163A-4021-A487-BF309ED9C649} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{4D0E721A-7680-4398-9F4C-8D44339CBF57} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{5013EC4A-5414-4DB2-A007-BA29E3A4AE59} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{51411983-D132-4F94-810C-C0C97B2691A6} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{5434C8CC-2816-4954-ACF9-51785CDBF143} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{615E5E7D-839C-4A12-82B4-B1C2485A41F6} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{6714C377-81D3-4F81-8021-2163511565E2} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{6B38F897-9C82-4CFE-AFEE-79B1D4D3417F} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{6BC28F00-2E3F-427B-89E8-7E9B546DFDDD} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{8810BE7C-485B-47A6-82D7-331FFE089F7B} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{9583DA7F-4472-4F7E-AF3B-B373A5F78455} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{99FF40FB-0884-483C-BB9D-2545F1843D52} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{9C158D37-121F-4233-A8B9-EA4CCB7EC23A} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{9FFE6DF6-1FE7-4910-981D-39623349B105} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{A70C22FE-36B3-488E-8D8D-5BB600A51E4C} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{AFEDF526-1FE8-4FB5-801B-4BB3997D1905} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{B1F5CA91-A7D1-4F3D-A41A-5E6768682A10} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{B6C73454-0EB8-4AE3-9249-DABF25136C0A} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{B80F55D7-73FA-4FF4-AB70-AB566CF5616A} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{B8C16793-1949-4168-A905-20F7FDEF6C6F} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{BA7C97A7-D900-479E-B3E8-A384680CE3F6} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{C017C2C6-E1D5-486D-B145-49D4CA9AACC9} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{C59CDDC4-5744-4F09-B7B3-A6C18E7BB4D8} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{C88D7F93-9892-421F-9AC0-BD12A0AACEDC} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{DD13C74F-25B2-4BD6-8E41-24F49E25C6E2} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{E1254B02-89E4-4A55-AEC5-D50087CC0B0C} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{E50ADC38-6855-49C4-92E4-D3D0EE9E2BD4} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{E989D827-435D-4517-BFBD-186E48F94843} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{ED380BB0-3374-4C1D-8CC2-CE09C79659C2} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{FC873F50-921E-4B29-83D4-883EE2F0B2F5} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{FCC4EE5E-D906-4F0A-A3CA-E61CB0A0647D} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\{FFB59847-BEB8-4904-987B-FA6C4CB4B00D} (Empty Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\icsharpcode.net (Folder)
Successfully deleted: C:\Users\goddi\AppData\Local\installer (Folder)
Successfully deleted: C:\users\Public\Documents\guid (Folder)
Successfully deleted: C:\windows\system32\Tasks\EasySpeedUpManager (Task)
Successfully deleted: C:\Program Files\003 (Folder)
Successfully deleted: C:\windows\SysWOW64\sho2E62.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho3F9F.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho8B76.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho9570.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoAA64.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoE63D.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoF27D.tmp (File)
Registry: 1
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.12.2015 at 16:46:57,76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan Code:
ATTFilter Emsisoft Emergency Kit - Version 10.0
Scan-Protokoll
Datum Scan-Methode Gescannt: Erkannt Dauer Typ
31.12.2015 17:08:03 Malware-Scan 76120 12 0:12:19 Manueller Scan
Code:
ATTFilter Emsisoft Emergency Kit - Version 10.0
Quarantäne-Protokoll
Datum Quelle Vorgang Fund
31.12.2015 17:35:56 Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} Unter Quarantäne Application.Toolbar (A)
31.12.2015 17:35:56 Key: HKEY_USERS\S-1-5-21-983883370-204824152-491102941-1000\SOFTWARE\WEBAPP Unter Quarantäne Application.Toolbar (A)
31.12.2015 17:35:56 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFCTRL.ANIGIF Unter Quarantäne Application.Toolbar (A)
31.12.2015 17:35:56 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG.ANIGIFPPG Unter Quarantäne Application.Toolbar (A)
31.12.2015 17:35:56 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG.ANIGIFPPG.1 Unter Quarantäne Application.Toolbar (A)
31.12.2015 17:35:56 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG2.ANIGIFPPG2 Unter Quarantäne Application.Toolbar (A)
31.12.2015 17:35:56 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG2.ANIGIFPPG2.1 Unter Quarantäne Application.Toolbar (A)
31.12.2015 17:35:56 Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SU Unter Quarantäne Application.Toolbar (A)
31.12.2015 17:35:55 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000} Unter Quarantäne Application.AdInstall (A)
31.12.2015 17:35:55 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF} Unter Quarantäne Application.AdInstall (A)
31.12.2015 17:35:55 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{82351433-9094-11D1-A24B-00A0C932C7DF} Unter Quarantäne Application.AdInstall (A)
31.12.2015 17:35:55 C:\Users\goddi\Favorites\links\games.url Unter Quarantäne Adware.Win32.Gipho (A)
Schon einen vielen Dank! Lara |
| Themen zu Windows 7: Nach Browser Redirect Entfernung RunDLL Fehler |
| askbar, browser, defender, desktop, dll, fehler, firefox, google, helper, home, iexplore.exe, internet, internet explorer, kaspersky, löschen, modul, mozilla, neustart, opera, problem, rundll, security, software, starten, werbung, windows |
Baum-Darstellung